“A Shiny App for R-Package Risk Assessment”

Validating open-source software

  • Consortia of ~50 companies (mostly pharma and biotech)
  • Focus on designing/building a framework to validate R and R packages with an eye to all open-source software.
  • pharmar.org to learn about all workstreams and to get involved!
  • The main goal is ensuring proper validation documentation exists in accordance with expectations of regulatory agencies.

Two tools

Quantify risk programmatically

Interactive app for an organization

What do they do?

is a framework to quantify an R package’s “risk” … by assessing several meaningful metrics designed to evaluate package development best practices, code documentation, community engagement, and development sustainability.

is a full-fledged R package containing a shiny front-end … that augments the utility of {riskmetric}. The application’s goal is to provide a central hub for an organization to review and assess the risk of R packages, providing handy tools and guide rails along the way.

Software quality mitigates potential risks

Sometimes “quality” is measurable! Software dev best practices dictate an R-package should have:

  • A license
  • Source code available for browsing
  • An easy to contact maintainer
  • Up-to-date news regarding new features and bugs
  • A place to report bugs
  • Evidence that new bugs are being addressed
  • Package documentation & user guides/ perhaps a website
  • Complete Function documentation
  • Adequate test coverage
  • Community usage
  • Many more!

Why create a Shiny app?

The app extends the functionality of {riskmetric} by managing the review process within an organizational context, empowering the reviewer to:

  • Analyze {riskmetric} output without the need to write R code
  • Run {riskmetric} on the same machine with the same environment – creating central hub for reproducibility of risk scores
  • Facilitate and store communication on certain packages / metrics
  • Automatically categorize a package with an overall decision (i.e., low, medium, or high risk) based on {riskmetric} scores
  • Or take a more hands-on approach categorizing packages using subjective opinions from yourself or consensus from other users
  • Generate reports with the risk score, metrics outputs, reviewer comments, and more
  • Log assessments in a database for future viewing or historical backup
  • Leverage user authentication with admin roles to manage users and tasks like org-level metric weighting

Demo

Shinyapps.io